Extract setHeaders method.

[aacic]

Description

This is a draft pull request, we need to analyze it before merging it.

Checklist

Check each task that has been performed or verified to be not applicable.

• [x] Tests: added and/or passed unit and integration tests, or N/A
• [x] Todos: commented or documented, or N/A
• [x] Notable Changes: updated release.txt, prefixed a commit message with "fix:" or "feat:", added to an internal tracking document, or N/A

[siosonel]

Tested to make sure that the express.static() middleware does not require its own setHeaders() function, that the middleware before it that sets the headers is sufficient, and it looks like that's what's happening.

I tested by:

1. Creating a "test" string value for Access-Control-Allow-Origin in app.middleware.js

2. In Chrome dev tools Networks tab, this response header matches the test value

Pending test of file:///Users/esioson/dev/sjpp/proteinpaint/public/index.html: errors only show up when clicking on cards, where the hostURL has been set to use window.location.origin